hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-28 10:18:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
9,153 Commits 1,723 Branches 164 Tags
ca08097b56e1874e39cc1f012c8ab9c41bcdc2e9
Commit Graph

1184 Commits

Author SHA1 Message Date
Geoffrey White
91af51cf46 CPP: Change note. 2019-12-13 16:58:37 +00:00
Calum Grant
3049bf2c85 Merge pull request #2358 from cldrn/ASPNetPagesValidateRequest 
Adds CodeQL query to check for Pages with disabled built-in validation
 2019-12-09 13:05:03 +00:00
yo-h
ed97be459f Merge pull request #2454 from aschackmull/java/explicit-mul-zero 
Java: Allow explicit zero multiplication in java/evaluation-to-constant.
 2019-12-06 18:13:43 -05:00
Anders Schack-Mulligen
5a2ed9fd81 Java: Add change note. 2019-12-06 11:50:27 +00:00
james
67eea44678 Merge branch 'rc/1.23' into jf-mergeback-123 2019-12-06 09:16:39 +00:00
Calum Grant
59ce8842bb Merge branch 'master' of git.semmle.com:Semmle/ql into ASPNetPagesValidateRequest 
# Conflicts:
#	change-notes/1.24/analysis-csharp.md
 2019-12-05 15:58:47 +00:00
Calum Grant
73c8888361 Merge pull request #2356 from cldrn/ASPNetRequestValidationMode 
Adds CodeQL query to check for insecure RequestValidationMode in ASP.NET
 2019-12-04 17:02:08 +00:00
Calum Grant
db30947e54 Merge pull request #2490 from felicitymay/1.23/SD-4095-finalize-change-notes-csharp 
1.23/sd 4095 finalize change notes csharp
 2019-12-03 17:38:09 +00:00
Geoffrey White
b752a6c8ed Merge pull request #2381 from jbj/StackVariable 
C++: Add StackVariable class, preferred over LocalScopeVariable
 2019-12-03 10:35:16 +00:00
semmle-qlci
cfcd18b411 Merge pull request #2429 from erik-krogh/typeAheadSink 
Approved by esbena
 2019-12-03 08:07:25 +00:00
Paulino Calderon
24b2471533 Update change-notes/1.24/analysis-csharp.md 
tag update

Co-Authored-By: James Fletcher <42464962+jf205@users.noreply.github.com>
 2019-12-02 16:44:25 -05:00
Nick Rolfe
d293418672 Merge pull request #2478 from jbj/mergeback-20191202 
Mergeback from rc/1.23 to master
 2019-12-02 12:28:20 +00:00
Calum Grant
fcd13dc595 Merge remote-tracking branch 'upstream/master' into ASPNetRequestValidationMode 
# Conflicts:
#	change-notes/1.24/analysis-csharp.md
 2019-12-02 12:03:11 +00:00
semmle-qlci
dc7a0c1b91 Merge pull request #2442 from hvitved/csharp/dataflow/conversion-operator 
Approved by calumgrant
 2019-12-02 11:01:35 +00:00
Jonas Jensen
5b24b1efc3 Merge remote-tracking branch 'upstream/rc/1.23' into mergeback-20191202 
Conflicts solved:
	javascript/extractor/src/com/semmle/js/extractor/Main.java
	javascript/ql/test/query-tests/Statements/UseOfReturnlessFunction/tst.js
 2019-12-02 09:57:34 +01:00
Erik Krogh Kristensen
c6c1ebe81a Merge remote-tracking branch 'upstream/master' into typeAheadSink 2019-12-02 08:41:49 +01:00
Calum Grant
a4251f67a2 C#: Analysis change notes. 2019-11-29 10:32:04 +00:00
Max Schaefer
f958916c76 Merge pull request #2330 from erik-krogh/exceptionXss 
JS: Added query for detecting XSS that happens through an exception
 2019-11-29 09:04:45 +00:00
semmle-qlci
73e08eba43 Merge pull request #2468 from max-schaefer/js/regexp-predecessor 
Approved by asgerf
 2019-11-28 16:57:31 +00:00
Jonas Jensen
763b18cd11 Merge remote-tracking branch 'upstream/master' into StackVariable 
Conflicts:
      change-notes/1.24/analysis-cpp.md
      cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql
 2019-11-28 17:51:20 +01:00
Max Schaefer
a788bf87a0 JavaScript: Fix RegExpTerm.getPredecessor and getSuccessor. 
These were originally meant to give you the term that is textually matched right before/right after the receiver. When I introduced support for lookbehinds, I changed the behaviour to give you the term that is _operationally_ matched before/after the receiver (remember that lookbehinds are implemented by reverse-matching).

However, I think that's rarely ever what you want, and is wrong for the only two uses of these predicates, where it's the textual matching order that we are after, not the operational order.

Consequently, I've changed the semantics back and updated the comments to hopefully clarify the intention.
 2019-11-28 15:14:50 +00:00
Calum Grant
5833b15f0e C#: Analysis change notes. 2019-11-27 17:30:02 +00:00
Erik Krogh Kristensen
34e44e89fd Merge remote-tracking branch 'upstream/master' into typeAheadSink 2019-11-27 15:19:06 +01:00
Erik Krogh Kristensen
9351cd44e4 Merge remote-tracking branch 'githubsemmle/master' into HEAD 2019-11-27 13:45:59 +01:00
Felicity Chapman
4070992273 Fix sort order 2019-11-27 12:38:39 +00:00
Felicity Chapman
587dd54a3c Minor text changes 2019-11-27 12:38:38 +00:00
Felicity Chapman
eaf68e86e0 Merge pull request #2443 from tausbn/python-finalise-change-notes 
Python: Update change note for 1.23.
 2019-11-27 11:51:04 +00:00
Taus Brock-Nannestad
b503cdb9d4 Python: Final change note fixes. 
- `false positives` becomes `false positive results`
- Items are listed alphabetically.
- Query IDs are listed.

Also, some of the queries had the wrong name (query message rather than the
actual query name). These have been fixed.
 2019-11-27 12:10:28 +01:00
semmle-qlci
4916bed9cd Merge pull request #2433 from asger-semmle/import-js-file 
Approved by max-schaefer
 2019-11-27 10:55:59 +00:00
Taus
8372039205 Apply suggestions from documentation review 
Co-Authored-By: Felicity Chapman <felicitymay@github.com>
 2019-11-27 11:50:37 +01:00
Erik Krogh Kristensen
6d63d75d87 remove superfluous line break 
Co-Authored-By: Esben Sparre Andreasen <esbena@github.com>
 2019-11-27 10:52:01 +01:00
Anders Schack-Mulligen
42b51d4ebb Merge pull request #2449 from felicitymay/1.23/SD-4095-finalize-change-notes-java2 
Update data-flow note to match that for C/C++
 2019-11-27 08:50:31 +01:00
semmle-qlci
380a5fc166 Merge pull request #2444 from esbena/js/flow-spread-prop-types 
Approved by max-schaefer
 2019-11-26 22:42:23 +00:00
Felicity Chapman
403565bb06 Update data-flow note to match that for C/C++ 2019-11-26 18:07:51 +00:00
Felicity Chapman
3b7ab8f734 Update shared data-flow note to match that for C/C++ 2019-11-26 18:02:09 +00:00
Jonas Jensen
95bceae915 Merge pull request #2434 from felicitymay/1.23/SD-4095-finalize-change-notes-cpp 
1.23: SD-4095 finalize change notes for C/C++
 2019-11-26 18:56:22 +01:00
Felicity Chapman
4f6660887c Update shared data-flow note for feedback 2019-11-26 16:41:30 +00:00
Erik Krogh Kristensen
b5a57986c6 small changes based on review feedback 2019-11-26 15:57:31 +01:00
Esben Sparre Andreasen
9ffe03bcce JS: support additional Flow syntax: ... in object types 2019-11-26 15:24:27 +01:00
Erik Krogh Kristensen
5a0cabb039 Merge remote-tracking branch 'upstream/master' into typeAheadSink 2019-11-26 14:37:40 +01:00
Taus Brock-Nannestad
35e3e3d2a1 Python: Update change note for 1.23. 2019-11-26 13:58:22 +01:00
Tom Hvitved
355c4f7154 C#: Add change note 2019-11-26 13:54:19 +01:00
Jonas Jensen
b1745f588c Merge pull request #2402 from geoffw0/nospace 
CPP: Make NoSpaceForZeroTerminator.ql more conservative.
 2019-11-26 13:36:05 +01:00
Erik Krogh Kristensen
b06acd1ed0 add change note 2019-11-26 12:52:41 +01:00
Erik Krogh Kristensen
0f948339af add change note 2019-11-26 11:23:30 +01:00
Felicity Chapman
775ed381e1 Update to clarify status of one new query 2019-11-25 17:35:01 +00:00
Asger F
e3e15a6015 JS: Rephrase change note 2019-11-25 17:20:42 +00:00
Asger F
2508da7971 JS: Add change note 2019-11-25 17:01:32 +00:00
Felicity Chapman
87fca1fde6 Remove backticks from 'struct' 2019-11-25 15:56:29 +00:00
Felicity Chapman
49bdf7ed1c Fix table sort order 2019-11-25 15:36:58 +00:00